Technology

Fileless Threats Protection

Fileless threats don’t store their bodies directly on a disk, but they cannot bypass advanced behavior-based detection, critical area scanning and other protection technologies.

Fileless malware is malware that does not store its body directly on a disk. This type of malware became more popular in 2017 because of the increasing complexity of its detection and remediation. Although such techniques were limited to targeted attacks in recent years, they are now increasingly common across the threat landscape, and Kaspersky Lab registers new families of trojan-clickers or even adware with fileless components.

Threat actors deliver fileless payloads to a victim’s machine via the following methods:

Vulnerability exploitation

Malicious document with macros

Simple executable file

The following are examples of how legitimate applications are used to execute malicious scripts that are not stored on a disk. These techniques, which are also used for persistence, are a true challenge for security solutions.

Executing a malicious script with the help of the mshta application

Using the rundll32 application to execute a malicious JavaScript script

Example of malicious WMI subscription
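
A detection-side sketch of the mshta and rundll32 cases above, added here as an example and not taken from Kaspersky Lab's products: it flags process-creation command lines in which either host application is handed an inline javascript: or vbscript: script instead of a file. The event layout, the function names and the sample command lines are assumptions constructed for illustration.

```python
import re

# Host applications named on this page that can run script text passed as an argument.
HOSTS = {"mshta.exe", "rundll32.exe"}
# Script-protocol schemes: the "script" is the argument itself, so no file is written.
SCRIPT_SCHEME = re.compile(r"\b(javascript|vbscript):", re.IGNORECASE)


def split_command(command_line):
    """Split a Windows command line into (lower-cased image name, argument string)."""
    cl = command_line.strip()
    if cl.startswith('"'):                      # quoted path: "C:\...\x.exe" args
        exe, _, args = cl[1:].partition('"')
    else:                                       # unquoted path without spaces
        exe, _, args = cl.partition(" ")
    name = exe.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if name and not name.endswith(".exe"):      # "mshta" and "mshta.exe" are the same image
        name += ".exe"
    return name, args.strip()


def classify(command_line):
    """Return a reason string if the command line runs inline script, else None."""
    image, args = split_command(command_line)
    if image not in HOSTS:
        return None
    match = SCRIPT_SCHEME.search(args)
    if match:
        return f"{image} runs inline {match.group(1).lower()} from its command line"
    return None


def scan(events):
    """Return (pid, reason) for every event whose command line is flagged."""
    hits = ((e["pid"], classify(e["cmd"])) for e in events)
    return [(pid, reason) for pid, reason in hits if reason]


# Constructed sample events (hypothetical layout); script bodies are placeholders.
SAMPLE_EVENTS = [
    {"pid": 4120, "cmd": r'C:\Windows\System32\mshta.exe vbscript:<inline-script-placeholder>'},
    {"pid": 4188, "cmd": r'"C:\Windows\System32\rundll32.exe" JavaScript:"<inline-script-placeholder>"'},
    {"pid": 4302, "cmd": r'rundll32.exe shell32.dll,Control_RunDLL desk.cpl'},  # normal use
    {"pid": 4410, "cmd": r'mshta.exe C:\Tools\inventory.hta'},                  # HTA file on disk
    {"pid": 4555, "cmd": r'notepad.exe javascript:notes.txt'},                  # not a script host
]

if __name__ == "__main__":
    for pid, reason in scan(SAMPLE_EVENTS):
        print(pid, reason)
```

A command-line match like this covers only the two script-host cases; a WMI subscription leaves no such command line and has to be found by inspecting the WMI repository itself.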

As part of its multi-layered, next-generation protection, Kaspersky Lab offers several components that help to detect fileless threats and protect against them:
